A Method for Reducing the Risk of Errors in Digital Forensic Investigations

详细信息    查看全文

• 作者：Graeme Horsman (1) Graeme.horsman@springer.com
  Christopher Laing (1)
  Paul Vickers (1)
• 关键词：Digital forensics &#8211 ; Auditing &#8211 ; Case ; based reasoning &#8211 ; Contributory
• 刊名：Lecture Notes in Computer Science
• 出版年：2012
• 出版时间：2012
• 年：2012
• 卷：7394
• 期：1
• 页码：99-106
• 全文大小：196.5 KB
• 参考文献：1. Bem, D., Feld, F., Huebner, E., Bem, O.: Computer Forensics - Past, Present and Future. Journal of Information Science and Technology 5(3), 43–59 (2008)
  2. Rogers, M.K., Goldman, J., Mislan, R., Wedge, T., Debrota, S.: Computer Forensics Field Triage Process Model. In: Conference on Digital Forensics, Security and Law (2006), http://www.digitalforensics-conference.org/CFFTPI/CDFSL-proceedings2006-CFFTPM.pdf
  3. Lalla, H., Flowerday, S.V.: Towards a Standardised Digital Forensic Process: Email Forensics. In: 2010 Information Security for South Africa (ISSA 2010) Conference (2010)
  4. Freiling, F.C., Schwittay, B.: A Common Process Model for Incident Response and Computer Forensics. In: 2007 Proceedings of Conference on IT Incident Management and IT Forensics, Germany (2007)
  5. Richard, G.G., Roussev, V.: Next-generation digital forensics. Communications of the ACM 49(2), 76–80 (2006)
  6. Sheldon, A.: The future of forensic computing. Digital Investigation 2, 31–35 (2005)
  7. Bruschi, D., Monga, M.: How to Reuse Knowledge About Forensic Investigations. In: Digital Forensics Research Workshop (2004)
  8. ADF Triage Solutions for Evidence and Intelligence Acquisition (2010) (accessed: March 24, 2011)
  9. Ayers, D.: A second generation computer forensic analysis system. Digital Investigation 6, 34–42 (2009)
  10. Taylor, C., Endicott-Popovskyb, B., Frinckec, D.A.: Specifying digital forensics: A forensics policy approach. Digital Investigation 4, 101–104 (2007)
  11. National Institute of Standards and Technology, Expert Working Group on Human Factors in Latent Print Analysis. Latent Print Examination and Human Factors: Improving the Practice through a Systems Approach. U.S. Department of Commerce (2012)
  12. Erbacher, R.F.: Validation for Digital Forensics. In: 2010 Seventh International Conference on Information Technology: New Generations, ITNG (2010)
  13. Bruschi, D., Monga, M.: How to Reuse Knowledge About Forensic Investigations. In: Digital Forensics Research Workshop (2004)
  14. Sheldon, A.: The future of forensic computing. Digital Investigation 2, 31–35 (2005)
  15. Jamil, S., Aeiker, J.D., Crow, D.R.: Auditing is Key. IEEE Industry Applications Magazine 16, 47–56 (2010)
  16. Aamodt, A., Plaza, E.: Case-Based Reasoning: Foundational Issues, Methodological Variations, and System Approaches. AI Communications 7, 39–59 (1994)
  17. Xu, L.: Developing a case-based knowledge system for AIDS prevention. Expert Systems 11, 237–244 (1994)
  18. Guidance Software ‘EnCase Forensic’ (2012), http://www.guidancesoftware.com/forensic.htm
  19. Rissland, E., Kevin, A., Branting, L.K.: Case-based reasoning and law. The Knowledge Engineering Review 20, 293–298 (2005)
  20. Katedee, S., Sanrach, C., Thesawadwong, T.: Case-Based Reasoning System for Histopathology Diagnosis. In: 2010 International Conference on Educational and Information Technology, ICEIT (2010)
  21. Kolodner, J.: An Introduction to Case-Based Reasoning. Artificial Intelligence Review 6, 3–34 (1992)
  22. Kerr, S.G., Jooste, S., Grupe, F.H., Vreeland, J.M.: A case-based approach to the evaluation of new audit clients. Journal of Computer Information Systems 47(4), 19–27 (2007)
  23. Aamodt, A., Plaza, E.: Case-Based Reasoning: Foundational Issues, Methodological Variations, and System Approaches. AI Communications 7, 39–59 (1994)
  24. Keppens, J., Schaferb, B.: Knowledge based crime scenario modelling. Expert Systems with Applications 30, 203–222 (2006)
  25. Dudai, Y.: How Big Is Human Memory, or On Being Just Useful Enough. Learning and Memory 3(5), 341–365 (1997)
  26. Timmermans, D.: The Impact of Task Complexity on Information Use in Multi-attribute Decision Making. Journal of Behavioral Decision Making 6, 95–111 (1993)
  27. Reeson, A., Dunstall, S.: Behavioural Economics and Complex Decision-Making. Implications for the Australian Tax and Transfer System (2009), http://taxreview.treasury.gov.au/content/html/commissioned_work/downloads/CSIRO_AFTS_Behavioural_economics_paper.pdf (accessed February 1, 2012)
  28. Horsman, G., Laing, C., Vickers, P.: A Case Based Reasoning Framework for Improving the Trustworthiness of Digital Forensic Investigations. In: The 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (2012)
• 作者单位：1. Computing, Engineering and Information Sciences, Northumbria University, Newcastle-Upon-Tyne, United Kingdom
• ISSN：1611-3349

文摘

Motivated by the concerns expressed by many academics over difficulties facing the digital forensic field, user-contributory case-based reasoning (UCCBR); a method for auditing digital forensic investigations is presented. This auditing methodology is not designed to replace a digital forensic practitioner but to aid their investigation process, acting as a method for reducing the risks of missed or misinterpreted evidence. The structure and functionality of UCCBR is discussed and its potential for implementation within a digital forensic environment.